I work for a 67 person engineering consulting firm and every smartphone in the office is brought in by the employee. No one has an Android tablet, but there are about ten people with iPads that connect to our Exchange server. I keep my devices close at hand, but still enable the screen lock function on my phones. I don't have this turned on for my iPad now and actually wasn't too shocked to read an ESET/Harris Interactive study that shows less than 10% of people using their own tablets for work auto lock them.
Graphic provided by ESET
As more and more people bring their own smartphone and/or tablet into the office, it gets to be quite difficult and costly for IT managers to control access to company data and information. Security professionals have been concerned about BYOD for a while, but as the mobile device market continues to grow the potential security issues are increasing and the data shows that employees aren't really taking things seriously.
According to the study, the following was measured:
- Less than 10% of people currently using their own tablets for work have auto-locking enabled.
- People were more security-savvy about their smartphones, with 25% using autolock.
- One third of laptop users have auto-locking enabled, which means two thirds do not.
- Auto-locking with password protection was enabled by less than half of laptop users, less than a third of smartphone users, and only one in ten tablet users.
I have a lock on my laptop at work, but think it is actually more important to have a lock enabled on a tablet that you carry around (potentially easier to leave behind too) and take home with you. If you use and connect through Exchange then it is likely that your IT manager can remote wipe your device if lost or you can do it yourself through Apple, Microsoft, or 3rd party services if you have this functionality enabled on your device. I have password lock enabled and remote wipe capability on my phones, but I do need to take some time to secure my tablets.
BYOD enables you to get access faster, respond and interact with clients from more locations, and have devices that you want to actually own and use. However, companies need to create and enforce policies that give at least some minimal security protection. Auto locking and password protection is easy to enable on mobile devices and the few seconds it takes to unlock your device is worth it.
UPDATE: An example of how serious a problem this can be is posted over on Ars Technica where they report that 99% of NASA's portable devices are unencrypted.
- Great Debate: Bring your own device
- BYOD: Wins, hurdles and lessons for 2012
- BYOD busted? It’s OK we know you’re doing it.
- Top iOS Apps lists not boding well for BYOD
- 5 ways ‘bring your own device’ will impact your company
- BYOD: The inevitable reality